Merge branch 'master' into apps-in-windows-10-update

windows/security/threat-protection/TOC.md

@@ -171,7 +171,7 @@
 #### [Enable and create Power BI reports using Windows Defender ATP data](windows-defender-atp\powerbi-reports-windows-defender-advanced-threat-protection.md)
 #### [Enable Security Analytics security controls](windows-defender-atp\enable-security-analytics-windows-defender-advanced-threat-protection.md)
 
-### [Windows Defender ATP settings](windows-defender-atp\settings-windows-defender-advanced-threat-protection.md)
+### [Windows Defender ATP time zone settings](windows-defender-atp\settings-windows-defender-advanced-threat-protection.md)
 ### [Access the Windows Defender ATP Community Center](windows-defender-atp\community-windows-defender-advanced-threat-protection.md)
 ### [Troubleshoot Windows Defender ATP](windows-defender-atp\troubleshoot-windows-defender-advanced-threat-protection.md)
 ### [Review events and errors on endpoints with Event Viewer](windows-defender-atp\event-error-codes-windows-defender-advanced-threat-protection.md)

windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md

@@ -6,7 +6,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.localizationpriority: high
 author: brianlic-msft
-ms.date: 11/02/2017
+ms.date: 02/13/2018
 ---
 
 # Steps to Deploy Windows Defender Application Control
@@ -142,6 +142,11 @@ Microsoft recommends that you block the following Microsoft-signed applications
     <Deny  ID="ID_DENY_ADDINPROCESS"      FriendlyName="AddInProcess.exe"            FileName="AddInProcess.exe" MinimumFileVersion="65535.65535.65535.65535" />
     <Deny  ID="ID_DENY_ADDINPROCESS32"    FriendlyName="AddInProcess32.exe"          FileName="AddInProcess32.exe" MinimumFileVersion="65535.65535.65535.65535" />
     <Deny  ID="ID_DENY_ADDINUTIL"         FriendlyName="AddInUtil.exe"               FileName="AddInUtil.exe" MinimumFileVersion="65535.65535.65535.65535" />
+    <Deny  ID="ID_DENY_WSL"               FriendlyName="wsl.exe"                     FileName="wsl.exe" MinimumFileVersion = "65535.65535.65535.65535" />
+    <Deny  ID="ID_DENY_WSLCONFIG"         FriendlyName="wslconfig.exe"               FileName="wslconfig.exe" MinimumFileVersion = "65535.65535.65535.65535" />
+    <Deny  ID="ID_DENY_WSLHOST"           FriendlyName="wslhost.exe"                 FileName="wslhost.exe" MinimumFileVersion = "65535.65535.65535.65535" />   
+    <Deny  ID="ID_DENY_INFINSTALL"        FriendlyName="infdefaultinstall.exe"       FileName="infdefaultinstall.exe" MinimumFileVersion = "65535.65535.65535.65535" />
+    <Deny  ID="ID_DENY_LXRUN"             FriendlyName="lxrun.exe"                   FileName="lxrun.exe" MinimumFileVersion = "65535.65535.65535.65535" />
 
     <Deny ID="ID_DENY_D_1" FriendlyName="Powershell 1" Hash="02BE82F63EE962BCD4B8303E60F806F6613759C6" />
     <Deny ID="ID_DENY_D_2" FriendlyName="Powershell 2" Hash="13765D9A16CC46B2113766822627F026A68431DF" />
@@ -392,6 +397,46 @@ Microsoft recommends that you block the following Microsoft-signed applications
     <Deny ID="ID_DENY_D_246" FriendlyName="PowerShell 246" Hash="0C4688AACD02829850DE0F792AC06D3C87895412A910EA76F7F9BF31B3B4A3E9"/>
     <Deny ID="ID_DENY_D_247" FriendlyName="PowerShell 247" Hash="6DC048AFA50B5B1B0AD7DD3125AC83D46FED730A"/>
     <Deny ID="ID_DENY_D_248" FriendlyName="PowerShell 248" Hash="432F666CCE8CD222484E263AE02F63E0038143DD6AD07B3EB1633CD3C498C13D"/>
+    <!--pubprn.vbs-->
+    <!--rs2 x86fre-->
+    <Deny ID="ID_DENY_D_249" FriendlyName="PubPrn 249" Hash="68E96BE23748AA680D5E1E557778901F332ED5D3" />
+    <Deny ID="ID_DENY_D_250" FriendlyName="PubPrn 250" Hash="8FA30B5931806565C2058E565C06AD5F1C5A48CDBE609975EB31207C25214063" />
+    <!--rs2 amd64fre-->
+    <Deny ID="ID_DENY_D_251" FriendlyName="PubPrn 251" Hash="32C4B29FE428B1DF473F3F4FECF519D285E93521" />
+    <Deny ID="ID_DENY_D_252" FriendlyName="PubPrn 252" Hash="D44FB563198D60DFDC91608949FE2FADAD6161854D084EB1968C558AA36513C7" />
+    <!--rs2 amd64chk-->
+    <Deny ID="ID_DENY_D_253" FriendlyName="PubPrn 253" Hash="9EDBEF086D350863F29175F5AB5178B88B142C75" />
+    <Deny ID="ID_DENY_D_254" FriendlyName="PubPrn 254" Hash="9B22C98351F2B6DEDDCED0D805C65F5B166FF519A8DF41EB242CB909471892EB" />
+    <!--rs2 x86chk-->
+    <Deny ID="ID_DENY_D_255" FriendlyName="PubPrn 255" Hash="8A3B30F345C43246B3500721CFEEADBAC6B9D9C6" />
+    <Deny ID="ID_DENY_D_256" FriendlyName="PubPrn 256" Hash="37C20BF20A2BBACE50957F8D0AB3FD16174BC005E79D47E51E899AFD9E4B7724" />
+    <!--rs2 woafre-->
+    <Deny ID="ID_DENY_D_257" FriendlyName="PubPrn 257" Hash="C659DAD2B37375781E2D584E16AAE2A10B5A1156" />
+    <Deny ID="ID_DENY_D_258" FriendlyName="PubPRn 258" Hash="EBDACA86F10AC0446D60CC75628EC7A370B1E2236E6D20F22372F91033B6D429" />
+    <!--rs3 amd64chk-->
+    <Deny ID="ID_DENY_D_259" FriendlyName="PubPrn 259" Hash="C9D6394BBFF8CD9C6590F08C54EC6AFDEB5CFFB4" />
+    <Deny ID="ID_DENY_D_260" FriendlyName="PubPrn 260" Hash="518E4EA7A2B70713E1AEC6E7E75A488C39384B625C5F2779073E9294CBF2BD9F" />
+    <!--rs3 amd64fre-->
+    <Deny ID="ID_DENY_D_261" FriendlyName="PubPrn 261" Hash="C9D6394BBFF8CD9C6590F08C54EC6AFDEB5CFFB4" />
+    <Deny ID="ID_DENY_D_262" FriendlyName="PubPrn 262" Hash="518E4EA7A2B70713E1AEC6E7E75A488C39384B625C5F2779073E9294CBF2BD9F" />
+    <!--rs3 arm64chk-->
+    <Deny ID="ID_DENY_D_263" FriendlyName="PubPrn 263" Hash="763A652217A1E30F2D288B7F44E08346949A02CD" />
+    <Deny ID="ID_DENY_D_264" FriendlyName="PubPrn 264" Hash="FCDDA212B06602F642B29FC05316EF75E4EE9975E6E8A9526E842BE2EA237C5D" />
+    <!--rs3 arm64fre-->
+    <Deny ID="ID_DENY_D_265" FriendlyName="PubPrn 265" Hash="763A652217A1E30F2D288B7F44E08346949A02CD" />
+    <Deny ID="ID_DENY_D_266" FriendlyName="PubPrn 266" Hash="FCDDA212B06602F642B29FC05316EF75E4EE9975E6E8A9526E842BE2EA237C5D" />
+    <!--rs3 woachk-->
+    <Deny ID="ID_DENY_D_267" FriendlyName="PubPrn 267" Hash="60FD28D770B23A0477679311D247DA4D5C61074C" />
+    <Deny ID="ID_DENY_D_268" FriendlyName="PubPrn 268" Hash="D09A4B2EA611CDFDC6DCA44314289B622B2A5EDA09716EF4A16B91EC90BFBA8F" />
+    <!--rs3 woafre-->
+    <Deny ID="ID_DENY_D_269" FriendlyName="PubPrn 269" Hash="60FD28D770B23A0477679311D247DA4D5C61074C" />
+    <Deny ID="ID_DENY_D_270" FriendlyName="PubPrn 270" Hash="D09A4B2EA611CDFDC6DCA44314289B622B2A5EDA09716EF4A16B91EC90BFBA8F" />
+    <!--rs3 x86chk-->
+    <Deny ID="ID_DENY_D_271" FriendlyName="PubPrn 271" Hash="47CBE201ED224BF3F5C322F7A49EF64469AF2E1A" />
+    <Deny ID="ID_DENY_D_272" FriendlyName="PubPrn 272" Hash="24855B9CC420719D5AB93F4F1589CE09E4063E4FC98681BD91A1D18A3C8ACB43" />
+    <!--rs3 x86fre-->
+    <Deny ID="ID_DENY_D_273" FriendlyName="PubPrn 273" Hash="47CBE201ED224BF3F5C322F7A49EF64469AF2E1A" />
+    <Deny ID="ID_DENY_D_274" FriendlyName="PubPrn 274" Hash="24855B9CC420719D5AB93F4F1589CE09E4063E4FC98681BD91A1D18A3C8ACB43" />
 
   </FileRules>
   <!--Signers-->
@@ -430,6 +475,11 @@ Microsoft recommends that you block the following Microsoft-signed applications
           <FileRuleRef RuleID="ID_DENY_ADDINPROCESS"/>
           <FileRuleRef RuleID="ID_DENY_ADDINPROCESS32"/>
           <FileRuleRef RuleID="ID_DENY_ADDINUTIL"/>
+          <FileRuleRef RuleID="ID_DENY_WSL"/>
+          <FileRuleRef RuleID="ID_DENY_WSLCONFIG"/>
+          <FileRuleRef RuleID="ID_DENY_WSLHOST"/>
+          <FileRuleRef RuleID="ID_DENY_INFINSTALL"/>
+          <FileRuleRef RuleID="ID_DENY_LXRUN"/>
           <FileRuleRef RuleID="ID_DENY_D_1" />
           <FileRuleRef RuleID="ID_DENY_D_2" />
           <FileRuleRef RuleID="ID_DENY_D_3" />
@@ -678,6 +728,32 @@ Microsoft recommends that you block the following Microsoft-signed applications
           <FileRuleRef RuleID="ID_DENY_D_246"/>
           <FileRuleRef RuleID="ID_DENY_D_247"/>
           <FileRuleRef RuleID="ID_DENY_D_248"/>
+          <FileRuleRef RuleID="ID_DENY_D_249"/>
+          <FileRuleRef RuleID="ID_DENY_D_250"/>
+          <FileRuleRef RuleID="ID_DENY_D_251"/>
+          <FileRuleRef RuleID="ID_DENY_D_252"/>
+          <FileRuleRef RuleID="ID_DENY_D_253"/>
+          <FileRuleRef RuleID="ID_DENY_D_254"/>
+          <FileRuleRef RuleID="ID_DENY_D_255"/>
+          <FileRuleRef RuleID="ID_DENY_D_256"/>
+          <FileRuleRef RuleID="ID_DENY_D_257"/>
+          <FileRuleRef RuleID="ID_DENY_D_258"/>
+          <FileRuleRef RuleID="ID_DENY_D_259"/>
+          <FileRuleRef RuleID="ID_DENY_D_260"/>
+          <FileRuleRef RuleID="ID_DENY_D_261"/>
+          <FileRuleRef RuleID="ID_DENY_D_262"/>
+          <FileRuleRef RuleID="ID_DENY_D_263"/>
+          <FileRuleRef RuleID="ID_DENY_D_264"/>
+          <FileRuleRef RuleID="ID_DENY_D_265"/>
+          <FileRuleRef RuleID="ID_DENY_D_266"/>
+          <FileRuleRef RuleID="ID_DENY_D_267"/>
+          <FileRuleRef RuleID="ID_DENY_D_268"/>
+          <FileRuleRef RuleID="ID_DENY_D_269"/>
+          <FileRuleRef RuleID="ID_DENY_D_270"/>
+          <FileRuleRef RuleID="ID_DENY_D_271"/>
+          <FileRuleRef RuleID="ID_DENY_D_272"/>
+          <FileRuleRef RuleID="ID_DENY_D_273"/>
+          <FileRuleRef RuleID="ID_DENY_D_274"/>
         </FileRulesRef>
       </ProductSigners>
     </SigningScenario>

windows/security/threat-protection/windows-defender-atp/settings-windows-defender-advanced-threat-protection.md

@@ -1,5 +1,5 @@
 ---
-title: Windows Defender Advanced Threat Protection settings
+title: Windows Defender Advanced Threat Protection time zone settings
 description: Use the menu to configure the time zone and view license information.
 keywords: Windows Defender ATP settings, Windows Defender, cybersecurity threat intelligence, advanced threat protection, time zone, utc, local time, license
 search.product: eADQiWindows 10XVcnh
@@ -8,12 +8,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.author: macapara
-author: DulceMV
+author: mjcaparas
 ms.localizationpriority: high
-ms.date: 10/30/2017
+ms.date: 02/13/2018
 ---
 
-# Windows Defender Advanced Threat Protection settings
+# Windows Defender Advanced Threat Protection time zone settings
 
 **Applies to:**
 
@@ -27,7 +27,7 @@ ms.date: 10/30/2017
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-settings-abovefoldlink)
 
-Use the **Settings** menu ![Settings icon](images/settings.png) to configure the time zone and view license information.
+Use the **Time zone** menu ![Time zone settings icon](images/atp-time-zone.png) to configure the time zone and view license information.
 
 ## Time zone settings
 The aspect of time is important in the assessment and analysis of perceived and actual cyberattacks.
@@ -36,7 +36,7 @@ Cyberforensic investigations often rely on time stamps to piece together the seq
 
 Windows Defender ATP can display either Coordinated Universal Time (UTC) or local time.
 
-Your current time zone setting is shown in the Windows Defender ATP menu. You can change the displayed time zone in the **Settings** menu ![Settings icon](images/settings.png).
+Your current time zone setting is shown in the Windows Defender ATP menu. You can change the displayed time zone in the **Time zone** menu ![Time zone settings icon](images/atp-time-zone.png).
 
 ### UTC time zone
 Windows Defender ATP uses UTC time by default.
@@ -55,7 +55,7 @@ The Windows Defender ATP time zone is set by default to UTC.
 Setting the time zone also changes the times for all Windows Defender ATP views.
 To set the time zone:
 
-1.	Click the **Settings** menu ![Settings icon](images/settings.png).
+1.	Click the **Time zone** menu ![Time zone settings icon](images/atp-time-zone.png).
 2.	Select the **Timezone UTC** indicator.
 3.	Select **Timezone UTC** or your local time zone, for example -7:00. 
 
@@ -88,5 +88,4 @@ The following date and time formats are currently not supported:
 **Decimal symbol used in numbers**<br>
 Decimal symbol used is always a dot, even if a comma is selected in  the **Numbers** format settings in **Region** settings. For example, 15,5K is displayed as 15.5K.
 
-## License
-Click the license link in the **Settings** menu to view the license agreement information for Windows Defender ATP.
+